[Webmakers] Mysql database changes for state websites

Chaichin Chen Chaichin.Chen at olis.ri.gov
Wed Jun 20 11:40:11 EDT 2012


Hi Kurt,

Do I understand correctly that all existing user IDs to the databases on Soriweb will be changed to read-only and that we need to request a new ID if we are to have write access?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Chaichin Chen     chaichin.chen at olis.ri.gov
Office of Library & Information Services
Providence, Rhode Island 
Phone: 401-574-9307
Fax: 401-574-9320
Skype: chaichinc

http://www.olis.ri.gov
http://www.info.ri.gov


>>> "Kurt Huhn" <Kurt.Huhn at DoIT.ri.gov> 6/20/2012 11:00 AM >>>


All,

As you are probably aware, there was an incident a couple weeks ago regarding one of the State's websites.  While that incident appeared isolated and did not affect other websites, we are proactively taking steps in order to mitigate any further risk of attack.

Part of our mitigation strategy is to change any database access that originates from the Statewide web server (Soriweb) to have read-only permissions.  This will help prevent database corruption from malicious individuals or organizations that may attempt to exploit vulnerabilities in website code and user account permissions.

We have already begun this process, and have thoroughly tested a handful of websites.  By the end of the business day today, all other accounts will reflect the changes we have made to the test subset.  This should not impact the functionality of your websites, but it will impact your ability to update your database until a new user account is created with new credentials.  Generally the creation of this account takes only a few moments, but it will require some changes on your side to whatever process, procedure, or scripts you run from internal systems to the mysql server in the DMZ.

There are, of course, some exceptions, and those will be dealt with on an individual basis.  If you have an application that is served from Soriweb, uses the mysql database, and requires write (update, insert) access to your database, please let me know ASAP.  The best way of getting my attention in this regard is to open a Service Desk ticket; that way I can easily track these requests without them getting lost in my inbox.

Please email me with questions.

--Kurt


-- 

Kurt Huhn
kurt.huhn at doit.ri.gov
Unix, Linux, TSM, and Storage Administration
DOA, DoIT, State of RI 
50 Service Avenue
Warwick, RI 02886
401.462.4736




